See https://github.com/isaacs/github/issues/1091: Right now, it's basically impossible to have any protection around tags: * Anyone with write access to a repo can push any tags. * There's no auditing/logging of tag changes. Any number of things could be done to improve this: * Add an option to protect individual tags (or better yet, any tags that match a given regex/have a certain prefix), like how how branches can be protected. * Include tagging events in the per-organization audit logs. * Allow tag pushes to be locked down more tightly, like only allowing admins to push tags.
... View more